
Thread: Hijack this Log

  1. #1
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Hijack this Log

    I've been trying to get rid of crazy amounts of pop ups including winfixer, system registry identified, Sysprotect, etc. I've tried many different things and nothing seems to be working! Here's my Hijack This log...please help!!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:48 PM, on 6/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\c89d1b24.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: (no name) - {B91FAB9C-4E34-4C82-98A2-7FEFF5F67E01} - C:\WINDOWS\system32\knbinykb.dll
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\geedc.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [rock] rock.exe
    O4 - HKLM\..\Run: [c89d1b24.exe] C:\WINDOWS\system32\c89d1b24.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c89d1b24.exe] C:\Documents and Settings\Kathleen.KATHI\Local Settings\Application Data\c89d1b24.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {01BC921D-8710-726B-49D5-11BB57F3E8A3} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {04D17E94-8E50-435C-22E9-5FE119AB23ED} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {082BAF18-F273-1664-025E-29BA00A211C6} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {0FC3F66D-7415-4A05-EA55-3B5154FF45D2} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {10FFE260-07EE-5439-4C81-7CBA0683244A} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {1E9DBD80-86D6-5F32-B585-49893BF881EF} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {2203E3C0-A2C4-01B3-349B-4461619E787C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {227ED178-CB82-78E1-7934-74C717AE3DE9} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {29E374FE-7370-2148-62B4-221A229B2C31} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {2F057EBF-A902-1094-7823-301622060885} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {30D96334-C0EB-7276-E987-1BB3523A1379} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {314F1C1E-F246-257D-1FBE-56965FB8A913} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {31EF61BD-6868-784E-54A6-0E8F4226F3CE} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {357B9E35-B44E-7267-A84D-04B20CCD7D35} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {43696226-D7A5-7131-74BF-4A7C76301543} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {43FD7724-70D5-761E-F288-7B64532BE6BD} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {45D2E175-28C8-3030-E183-3862270DB589} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {467D5B03-F50F-01AF-C010-68946B499755} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {4FAE1170-D5FB-4054-7989-6C1D556EA88F} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {50084FB6-B482-0366-BAD2-12BE48D29F3E} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {52F9F3DD-180F-68E4-828C-308D5D76472C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {546E9883-7471-037C-3DAD-47A62C14E686} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5AB322D9-3A77-2AED-1C52-2DCE5702C101} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5B919664-A424-2238-7C17-12621E381334} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5BDD896C-6B22-665A-8BB8-186A325D48F0} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5C4A4D95-AC25-5C8B-0224-57021E90EFC4} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5C5A91DB-E01F-1841-B2D9-3C79345AF06C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {60209B3C-5C6D-460F-3AB6-444D7CA80F23} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {613CD817-867F-506B-8B39-2AC23A802D7B} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {635E25CF-8B68-006A-ACF1-5B667759E8D2} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {6363B0CE-4A06-3483-BD2F-2B312407EEDA} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {64DD285B-103D-6925-69FA-0AF87D829E4D} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {6C50D73F-CC16-0EE2-FD03-7CD6126BAC4A} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {745458F5-D925-1BF6-2245-710A1EB7E417} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7596626C-51C6-152F-C357-53636402B002} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {75ADD699-FC27-553A-A9BF-4D723B071DC9} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {75DDC039-A0A6-1BDB-AA7E-00A02D5D1B4E} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {77F36430-A48F-07AF-5761-45C57E7B6674} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7D328B10-EAB6-3557-4293-5AFE562B030C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7F7D23E2-0A6E-7EF6-E19F-1375707F0D3D} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95CAA39D-1669-46C6-8F7F-1872524D165D}: NameServer = 71.242.0.12 151.197.0.38
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

  2. #2
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35


    Please select and install one of these free Firewall applications:
    ZoneAlarm Free Version
    Outpost Free
    Kerio

    When the installation completes successfully, reboot the computer.

    Please decide which antivirus software to keep, AVG or McAfee. Running two antivirus applications in real time actually reduces your level of security protection. You also run the risk of losing data from a system crash that the instability can cause.

    Please uninstall the following software:
    MyWebSearchBar
    WeatherBug
    (Ad supported)
    Antivirus application (one of them)

    1) Click on Start, Control Panel

    2) Double click on Add/Remove Programs

    3) Find "MyWebSearch", "WeatherBug", and the antivirus application you chose to uninstall in the list of installed programs and click on Change/Remove to uninstall them. You may also want to uninstall any of the following items associated with FunWebProducts.

    * My Way Speedbar (Smiley Central or other FWP as applicable)
    * Search Assistant - My Way

    When the Uninstallation completes, please reboot the computer.


    Note: Delete the folders for:

    * FunWebProducts
    * MyWebSearch
    * WeatherBug (AWS)
    * Antivirus product you uninstalled

    Try this Desktop weather application.

    Please download VundoFix.exe to your desktop. Do Nothing With It Yet

    Disconnect from the Internet and disable these protective applications as they will interfere with this fix:
    Windows Defender
    SpywareGuard


    Click start-->all programs-->Windows Defender
    When the application opens, click the "tools" icon at the top.
    Click the "general settings" icon. Scroll down and remove the check from "Turn on real-time protection (recommended)". Click "save", close the application and reboot your computer.

    Without Connecting to the Internet, continue with these instructions:
    Temporarily disable your SpywareGuard:
    Right-click on the System tray icon of Spywareguard. It will open the program.
    Click on the "Options" tab.
    Please uncheck all three options, "Enable Real-Time Scanning", "Enable Download Protection", and "Enabled Browser Hijack Protection".
    Then go to Menu, File, Exit.
    Click 'Yes' to confirm. Do Not Reboot this time as you would just have to repeat the steps above to disable SpywareGuard.

    Find the VundoFix.exe you downloaded to your Desktop.
      * Double-click VundoFix.exe to run it.
      * Put a check next to Run VundoFix as a task.
      * You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
      * When VundoFix re-opens, click the Scan for Vundo button.
      * Once the scan is complete, right-click inside the listbox (white box) and click Add More Files.
      * Copy and paste the entry below into the top box:

      C:\WINDOWS\system32\geedc.dll


      * Click Add Files and Click Close Window
      * Click the Remove Vundo button.
      * You will receive a prompt asking if you want to remove the files, click YES
      * Once you click yes, your desktop will go blank as it starts removing Vundo.
      * When completed, it will prompt that it will shutdown your computer, click OK.
      * Turn your computer back on and complete the instructions below.


    First make sure your SpywareGuard is disabled. Please run HijackThis again and put a check in the box next to these entries that may still exist:

    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: (no name) - {B91FAB9C-4E34-4C82-98A2-7FEFF5F67E01} - C:\WINDOWS\system32\knbinykb.dll
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\geedc.dll
    O4 - HKLM\..\Run: [rock] rock.exe
    O4 - HKLM\..\Run: [c89d1b24.exe] C:\WINDOWS\system32\c89d1b24.exe
    O4 - HKCU\..\Run: [c89d1b24.exe] C:\Documents and Settings\Kathleen.KATHI\Local Settings\Application Data\c89d1b24.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {01BC921D-8710-726B-49D5-11BB57F3E8A3} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {04D17E94-8E50-435C-22E9-5FE119AB23ED} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {082BAF18-F273-1664-025E-29BA00A211C6} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {0FC3F66D-7415-4A05-EA55-3B5154FF45D2} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {10FFE260-07EE-5439-4C81-7CBA0683244A} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {1E9DBD80-86D6-5F32-B585-49893BF881EF} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {2203E3C0-A2C4-01B3-349B-4461619E787C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {227ED178-CB82-78E1-7934-74C717AE3DE9} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {29E374FE-7370-2148-62B4-221A229B2C31} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {2F057EBF-A902-1094-7823-301622060885} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {30D96334-C0EB-7276-E987-1BB3523A1379} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {314F1C1E-F246-257D-1FBE-56965FB8A913} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {31EF61BD-6868-784E-54A6-0E8F4226F3CE} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {357B9E35-B44E-7267-A84D-04B20CCD7D35} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {43696226-D7A5-7131-74BF-4A7C76301543} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {43FD7724-70D5-761E-F288-7B64532BE6BD} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {45D2E175-28C8-3030-E183-3862270DB589} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {467D5B03-F50F-01AF-C010-68946B499755} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {4FAE1170-D5FB-4054-7989-6C1D556EA88F} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {50084FB6-B482-0366-BAD2-12BE48D29F3E} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {52F9F3DD-180F-68E4-828C-308D5D76472C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {546E9883-7471-037C-3DAD-47A62C14E686} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5AB322D9-3A77-2AED-1C52-2DCE5702C101} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5B919664-A424-2238-7C17-12621E381334} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5BDD896C-6B22-665A-8BB8-186A325D48F0} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5C4A4D95-AC25-5C8B-0224-57021E90EFC4} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {5C5A91DB-E01F-1841-B2D9-3C79345AF06C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {60209B3C-5C6D-460F-3AB6-444D7CA80F23} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {613CD817-867F-506B-8B39-2AC23A802D7B} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {635E25CF-8B68-006A-ACF1-5B667759E8D2} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {6363B0CE-4A06-3483-BD2F-2B312407EEDA} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {64DD285B-103D-6925-69FA-0AF87D829E4D} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {6C50D73F-CC16-0EE2-FD03-7CD6126BAC4A} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {745458F5-D925-1BF6-2245-710A1EB7E417} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7596626C-51C6-152F-C357-53636402B002} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {75ADD699-FC27-553A-A9BF-4D723B071DC9} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {75DDC039-A0A6-1BDB-AA7E-00A02D5D1B4E} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {77F36430-A48F-07AF-5761-45C57E7B6674} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7D328B10-EAB6-3557-4293-5AFE562B030C} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {7F7D23E2-0A6E-7EF6-E19F-1375707F0D3D} - http://85.255.115.229/1/gdnUS250.exe
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sysprotect.com/ scanner/pages/scanner/SysProtectScannerInstall.cab
    O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll


    Close all windows except for HijackThis before clicking Fix Checked.

    Please boot into safe mode by doing the following:

    1. Restart your computer

    2. When the first black screen comes up, begin tapping the F8 key repeatedly until you see the "Advanced" log on menu.
    3. Select the first option, to run Windows in Safe Mode.

    When you are at the logon prompt, log in as an Administrator
    Once in safe mode, continue with the instructions below:

    Using Windows Explorer, locate and delete the following files indicated in Bold text if still present:
    C:\WINDOWS\system32\rock.exe
    C:\WINDOWS\system32\c89d1b24.exe
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Application Data\c89d1b24.exe
    C:\WINDOWS\system32\geedc.dll

    Reboot the computer back to your normal user mode.

    Download the latest version of Ewido.

    Install it and reboot your computer.

    Open Ewido.

    1. Click the Update Now line. When the update completes, please reboot the computer into Safe mode.
    2. Once in safe mode, open Ewido and click the "Scanner" button on the top line.
    3. Click the "Complete System Scan" line to begin the scan.
    4. When the scan is complete, click the "Save Report" button to save the report.
    5. Click the "Scanner" button on the top to return to the results.
    6. Click the "Set All Elements to" Recommended Action.
    7. Click the "Apply all actions" button.
    8. Click on the "Reports" Icon at the top.
    9. Click on the report that was generated today to see the results on the right side.
    10. Highlight the results on the right side and copy and paste them into Notepad. Save it to your Desktop to include in your next reply.

    Reboot back to your normal user mode and run HijackThis again. Click "Do a system scan and save a logfile". Copy and paste that log and your log from the Ewido scan back here in this thread. Thanks and good luck!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.
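As an added illustration (not from the thread, and not part of HijackThis itself): a small Python triage script that applies the patterns 1972vet's fix list relies on to lines excerpted from the first log above, namely O16 DPF entries downloading from a bare IP address, O4 Run entries with no path (`rock.exe`), a DLL registered both as a BHO (O2) and a Winlogon Notify handler (O20), and the same Run name under both HKLM and HKCU. The rule names and the `triage()` helper are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\geedc.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [c89d1b24.exe] C:\WINDOWS\system32\c89d1b24.exe
O4 - HKCU\..\Run: [c89d1b24.exe] C:\Documents and Settings\Kathleen.KATHI\Local Settings\Application Data\c89d1b24.exe
O16 - DPF: {01BC921D-8710-726B-49D5-11BB57F3E8A3} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A HijackThis entry is "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [rock] rock.exe".
LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# O4 Run entries: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# O16 DPF download URL whose host is a bare IPv4 address rather than a hostname.
IP_URL_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:]|$)")


def parse(log_text):
    """Return [(section, rest), ...] for every recognised HijackThis line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Apply four simple suspicion rules; returns [(rule_name, detail), ...]."""
    findings = []
    bho_dlls = {}            # lowercased DLL path -> original O2 line
    notify_dlls = {}         # lowercased DLL path -> original O20 line
    run_hives = defaultdict(set)  # lowercased Run value name -> {"HKLM", "HKCU"}

    for section, rest in parse(log_text):
        if section == "O16" and IP_URL_RE.search(rest):
            # Legitimate ActiveX installers are served from hostnames, not raw IPs.
            findings.append(("dpf-ip-host", rest))
        elif section == "O4":
            m = RUN_RE.match(rest)
            if m:
                hive, name, cmd = m.groups()
                run_hives[name.lower()].add(hive)
                if "\\" not in cmd:
                    # A bare filename depends on the search path; benign vendors use full paths.
                    findings.append(("run-bare-filename", rest))
        elif section == "O2":
            bho_dlls[rest.rsplit(" - ", 1)[-1].lower()] = rest
        elif section == "O20":
            notify_dlls[rest.rsplit(" - ", 1)[-1].lower()] = rest

    # The same DLL hooked into IE (BHO) and into winlogon (Notify) is the Vundo/Virtumonde
    # hallmark that VundoFix targets; Windows components are not registered both ways.
    for dll in sorted(bho_dlls.keys() & notify_dlls.keys()):
        findings.append(("bho-also-winlogon-notify", bho_dlls[dll]))

    # One value name planted under both hives is a persistence redundancy trick.
    for name, hives in sorted(run_hives.items()):
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("run-in-both-hives", name))

    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26s} {detail}")
```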

  3. #3
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Thanks 1972vet!

    Sorry it took me a while to get through all of that, I was on vacation. Things seem to be working much better! Here's a copy of both of those logs though:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:32:24 PM, on 7/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\dell\bldbubg.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:20:46 AM 7/8/2006

    + Scan result:

    C:\Program Files\MSN\MsnInstaller\msninst.exe -> Adware.BetterInternet : No action taken.
    HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
    C:\VundoFix Backups\geedc.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[2].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\8N0EM6ZN\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\9GKRP505\WinFixerScannerInstall[3].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\C1UBIVGD\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\GJB7E49P\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\I1RCDORQ\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\49QB8TMV\SysProtectScannerInstall[1].cab/USYP_0001_N73M0704NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end

    That should be it. Thanks again!!

  4. #4
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Default Thanks 1972vet!

    Sorry it took me a while to get through all of that, I was on vacation. Things seem to be working much better! Here's a copy of both of those logs though:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:32:24 PM, on 7/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\dell\bldbubg.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:20:46 AM 7/8/2006

    + Scan result:



    C:\Program Files\MSN\MsnInstaller\msninst.exe -> Adware.BetterInternet : No action taken.
    HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
    C:\VundoFix Backups\geedc.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[2].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\8N0EM6ZN\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\9GKRP505\WinFixerScannerInstall[3].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\C1UBIVGD\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\GJB7E49P\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\I1RCDORQ\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\49QB8TMV\SysProtectScannerInstall[1].cab/USYP_0001_N73M0704NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end

    That should be it. Thanks again!!
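
    The HijackThis log above is a flat text format: a "Running processes:" list followed by one load point per line, each prefixed with a section code (R0/R1 for IE start pages, O2 for BHOs, O4 for Run keys and the Startup folder, O20 for Winlogon Notify DLLs, O23 for services). Below is an added example, written for this thread and not part of HijackThis or of any post here, that parses that layout and applies two checks a helper would make by eye: it flags entries HijackThis marked "(file missing)" (the O18 msnim line in the log above) and lists running binaries that no O4 or O23 line accounts for. The sample lines are constructed from the posted log, and the CORE_OS allowlist of Windows XP processes that never carry a load-point line is an assumption of this example.

```python
"""Triage a HijackThis v1.99.1 log: split it into the running-process list
and the load-point entries (R0/R1/O2/O4/... lines), flag '(file missing)'
references, and list running binaries that no O4/O23 load point explains.
Added example, not part of this thread or of HijackThis."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the log posted above: a few lines
# copied from it plus the O18 "(file missing)" entry. Not a complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:32:24 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareGuard\sgmain.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|cab))', re.IGNORECASE)

# Assumed allowlist of core Windows XP processes that never have an
# O4/O23 line; anything else running should be traceable to a load point.
CORE_OS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
           "svchost.exe", "spoolsv.exe", "explorer.exe", "wscntfy.exe"}


@dataclass
class Entry:
    code: str                 # section code, e.g. "O4"
    body: str                 # everything after "O4 - "
    clsid: Optional[str]      # first {GUID} in the line, if any
    path: Optional[str]       # first drive-letter path to a PE/CAB, if any
    file_missing: bool        # HijackThis appended "(file missing)"


def parse_hjt(text: str) -> Tuple[List[str], List[Entry]]:
    processes: List[str] = []
    entries: List[Entry] = []
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False            # first entry line ends the process list
            body = m.group("body")
            clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
            entries.append(Entry(m.group("code"), body,
                                 clsid.group(0) if clsid else None,
                                 path.group(1) if path else None,
                                 "(file missing)" in body))
        elif in_procs:
            processes.append(line)
    return processes, entries


def basename(path: str) -> str:
    """Case-folded file name; lets 8.3 paths (PROGRA~1) match long ones."""
    return path.rsplit("\\", 1)[-1].lower()


def unexplained_processes(processes: List[str], entries: List[Entry]) -> List[str]:
    explained = {basename(e.path) for e in entries if e.path and e.code in ("O4", "O23")}
    return [p for p in processes if basename(p) not in (explained | CORE_OS)]


def summarize(text: str) -> Dict[str, object]:
    processes, entries = parse_hjt(text)
    return {
        "counts": dict(Counter(e.code for e in entries)),
        "dangling": [e.body for e in entries if e.file_missing],
        "unexplained": unexplained_processes(processes, entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    On the sample, the only "unexplained" process is MsMpEng.exe, which in the real log above also runs without an O4 or O23 line; the check is a prompt to look, not a verdict. Matching by file name rather than full path is deliberate: HijackThis prints Run-key paths in 8.3 form (PROGRA~1) while the process list uses long names.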

  5. #5
    Member 1972vet
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    Please open Ewido.
    On the main screen select the icon Update then select the Update now link.
    Next select the Start Update button, the update will start and a progress bar will show the updates being installed.

    Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
    Once in the Settings screen click on Recommended actions and then select Quarantine.
    Under Reports:
    • Select Automatically generate report after every scan
    • Un-Select Only if threats were found


    Close ewido anti-spyware.

    Please boot into Safe mode:

    Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
    Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

    • Launch ewido anti-spyware by double-clicking the icon on your desktop.
    • Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
    • ewido will now begin the scanning process, be patient this may take some time.
      Once the scan is complete do the following:
    • When prompted about an infection, please select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

    Now close ewido anti-spyware.

    Reboot back into your normal user mode and post back the Ewido log. Your HijackThis log looks fine. Ewido wanted to remove lots of garbage but was not afforded the opportunity as perhaps my original instructions were not so explicit.
    Thanks!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.

  6. #6
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Default

    OK, I did all that you said. Now this is probably a silly problem that I could figure out myself if I thought for a second, but when I went into safe mode, you said to log in under "administrator," so I saved the ewido scan on the administrator desktop. When I restart, I don't have the administrator option in normal mode, and I can't figure out how to retrieve the file. Should I run the ewido scan under my settings to get the log?

  7. #7
    Member 1972vet
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    If your normal user mode is a limited account, then you will have to go back into safe mode, log in as administrator and retrieve that log. If your normal user account mode is "Owner", then by default, you also have administrative rights and the log you run in safe mode as administrator should also be available to you in your "owner" account since it also is an administrator account.

    To retrieve it, click start-->My Computer-->local disk-->Documents and Settings-->Administrator-->Desktop
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.

  8. #8
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Default

    OK, thanks! That worked. Here's the ewido scan report:


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:20:46 AM 7/8/2006

    + Scan result:



    C:\Program Files\MSN\MsnInstaller\msninst.exe -> Adware.BetterInternet : No action taken.
    HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
    C:\VundoFix Backups\geedc.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\6L4HM50L\WinFixerScannerInstall[2].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\8N0EM6ZN\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\9GKRP505\WinFixerScannerInstall[3].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\C1UBIVGD\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\GJB7E49P\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\I1RCDORQ\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Local Settings\Temporary Internet Files\Content.IE5\49QB8TMV\SysProtectScannerInstall[1].cab/USYP_0001_N73M0704NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end

  9. #9
    Member 1972vet
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    You posted the same Ewido log from your original scan. Please run Ewido again following the posted instructions. You must run Ewido in safe mode and as an Administrator.

    Please confirm that you told Ewido to quarantine by clicking Quarantine in the Settings section.
    And, when prompted about an infection, that you selected "Apply all actions".
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.

  10. #10
    Member
    Join Date
    Jun 2006
    Posts
    6
    Points
    0

    Default Sorry!

    I'm sorry! I did follow your instructions, just saved the wrong report. Here's what I got this time:


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:39:54 PM 7/9/2006

    + Scan result:



    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kathleen.KATHI\Cookies\kathleen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end

    Thanks again!
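
    The point 1972vet makes in posts #5 and #9 is that an ewido report full of "No action taken" lines records what the scanner saw, not what it removed, and that the report in post #8 was the same one as before; post #10 is the first report whose lines end in "Cleaned with backup (quarantined)". The following is an added example for this thread, not ewido's code or anything posted by either participant: it parses the "<target> -> <detection> : <action>." line layout shown above, counts outcomes per scanner category, answers the "did the scan actually act" question directly, and diffs two reports so a follow-up scan can be checked against the first. The two embedded reports are constructed from the posted ones, with paths shortened to a generic profile.

```python
"""Parse ewido anti-spyware scan reports in the layout posted in this
thread, report what the scanner actually did with each detection, and diff
two reports so a follow-up scan can be checked against the first one.
Added example, not ewido's code or the poster's."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class Detection(NamedTuple):
    target: str   # file path or registry key
    name: str     # scanner label, e.g. "Adware.SysProtect"
    action: str   # e.g. "No action taken", "Cleaned with backup (quarantined)"


# One result line: "<target> -> <detection name> : <action>."
LINE_RE = re.compile(r"^(?P<target>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")


def parse_report(text: str) -> List[Detection]:
    """Header, '+ Created at', '::Report end' and blank lines never contain
    ' -> ', so the regex alone separates result lines from the rest."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["target"], m["name"], m["action"]))
    return found


def untreated(dets: List[Detection]) -> List[Detection]:
    """Detections the scanner only logged, which is what the helper objects to."""
    return [d for d in dets if d.action == "No action taken"]


def scan_took_action(dets: List[Detection]) -> bool:
    return any(d.action != "No action taken" for d in dets)


def summarize(dets: List[Detection]) -> Dict[str, Dict[str, int]]:
    """Per scanner category (first dotted component of the label), how many
    detections ended in each action."""
    cats: Dict[str, Counter] = defaultdict(Counter)
    for d in dets:
        cats[d.name.split(".")[0]][d.action] += 1
    return {c: dict(v) for c, v in cats.items()}


def resolved_between(before: List[Detection], after: List[Detection]) -> List[Detection]:
    """Targets flagged in `before` that `after` does not report at all."""
    still_present = {d.target for d in after}
    return [d for d in before if d.target not in still_present]


# Constructed samples in the posted layout (paths shortened to a generic
# profile; not the full reports). BEFORE mirrors the first scan, AFTER the
# scan run after Quarantine was selected.
BEFORE = r"""ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:20:46 AM 7/8/2006

+ Scan result:

C:\Program Files\MSN\MsnInstaller\msninst.exe -> Adware.BetterInternet : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8N0EM6ZN\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : No action taken.
C:\Documents and Settings\User\Cookies\user@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.

::Report end
"""

AFTER = r"""ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:39:54 PM 7/9/2006

+ Scan result:

C:\Documents and Settings\User\Cookies\user@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

::Report end
"""


if __name__ == "__main__":
    first, second = parse_report(BEFORE), parse_report(AFTER)
    print("first scan took action:", scan_took_action(first), summarize(first))
    print("second scan took action:", scan_took_action(second), summarize(second))
    for d in resolved_between(first, second):
        print("no longer reported:", d.target)
```

    Note that resolved_between keys on the exact target string, so a cookie re-set by the browser under a new index ([2] instead of [1]) counts as a different target; that is the right behaviour for files and registry keys, but for cookies it means "no longer reported" does not imply the tracker is gone.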
